summaryrefslogtreecommitdiffstats
path: root/man/systemd-boot.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 13:00:47 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 13:00:47 +0000
commit2cb7e0aaedad73b076ea18c6900b0e86c5760d79 (patch)
treeda68ca54bb79f4080079bf0828acda937593a4e1 /man/systemd-boot.xml
parentInitial commit. (diff)
downloadsystemd-2cb7e0aaedad73b076ea18c6900b0e86c5760d79.tar.xz
systemd-2cb7e0aaedad73b076ea18c6900b0e86c5760d79.zip
Adding upstream version 247.3.upstream/247.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--man/systemd-boot.xml503
1 files changed, 503 insertions, 0 deletions
diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml
new file mode 100644
index 0000000..09f2854
--- /dev/null
+++ b/man/systemd-boot.xml
@@ -0,0 +1,503 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd-boot" conditional='ENABLE_EFI'
+ xmlns:xi="http://www.w3.org/2001/XInclude">
+ <refentryinfo>
+ <title>systemd-boot</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-boot</refentrytitle>
+ <manvolnum>7</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-boot</refname>
+ <refname>sd-boot</refname>
+ <refpurpose>A simple UEFI boot manager</refpurpose>
+ </refnamediv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>systemd-boot</command> (short: <command>sd-boot</command>) is a simple UEFI boot
+ manager. It provides a graphical menu to select the entry to boot and an editor for the kernel command
+ line. <command>systemd-boot</command> supports systems with UEFI firmware only.</para>
+
+ <para><command>systemd-boot</command> loads boot entry information from the EFI system partition (ESP),
+ usually mounted at <filename>/efi/</filename>, <filename>/boot/</filename>, or
+ <filename>/boot/efi/</filename> during OS runtime, as well as from the Extended Boot Loader partition if
+ it exists (usually mounted to <filename>/boot/</filename>). Configuration file fragments, kernels,
+ initrds and other EFI images to boot generally need to reside on the ESP or the Extended Boot Loader
+ partition. Linux kernels must be built with <option>CONFIG_EFI_STUB</option> to be able to be directly
+ executed as an EFI image. During boot <command>systemd-boot</command> automatically assembles a list of
+ boot entries from the following sources:</para>
+
+ <itemizedlist>
+ <listitem><para>Boot entries defined with <ulink
+ url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> description files
+ located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader
+ Partition. These usually describe Linux kernel images with associated initrd images, but alternatively
+ may also describe arbitrary other EFI executables.</para></listitem>
+
+ <listitem><para>Unified kernel images following the <ulink
+ url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, as executable EFI
+ binaries in <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.
+ </para></listitem>
+
+ <listitem><para>The Microsoft Windows EFI boot manager, if installed</para></listitem>
+
+ <listitem><para>The Apple MacOS X boot manager, if installed</para></listitem>
+
+ <listitem><para>The EFI Shell binary, if installed</para></listitem>
+
+ <listitem><para>A reboot into the UEFI firmware setup option, if supported by the firmware</para></listitem>
+ </itemizedlist>
+
+ <para><command>systemd-boot</command> supports the following features:</para>
+
+ <itemizedlist>
+ <listitem><para>Basic boot manager configuration changes (such as timeout
+ configuration, default boot entry selection, …) may be made directly from the boot loader UI at
+ boot-time, as well as during system runtime with EFI variables.</para></listitem>
+
+ <listitem><para>The boot manager integrates with the <command>systemctl</command> command to implement
+ features such as <command>systemctl reboot --boot-loader-entry=…</command> (for rebooting into a
+ specific boot menu entry, i.e. "reboot into Windows") and <command>systemctl reboot
+ --boot-loader-menu=…</command> (for rebooting into the boot loader menu), by implementing the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. See
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+ details.</para></listitem>
+
+ <listitem><para>An EFI variable set by the boot loader informs the OS about the ESP partition used
+ during boot. This is then used to automatically mount the correct ESP partition to
+ <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See
+ <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for details.</para></listitem>
+
+ <listitem><para>The boot manager provides information about the boot time spent in UEFI firmware using
+ the <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. This
+ information can be displayed using
+ <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+ </para></listitem>
+
+ <listitem><para>The boot manager implements boot counting and automatic fallback to older, working boot
+ entries on failure. See <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot
+ Assessment</ulink>.</para></listitem>
+
+ <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
+ with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
+ entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
+ </itemizedlist>
+
+ <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ may be used from a running system to locate the ESP and the Extended Boot Loader Partition, list
+ available entries, and install <command>systemd-boot</command> itself.</para>
+
+ <para><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ may be used to copy kernel images onto the ESP or the Extended Boot Loader Partition and to generate
+ description files compliant with the Boot Loader
+ Specification.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Key bindings</title>
+ <para>The following keys may be used in the boot menu:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>↑</keycap> (Up)</term>
+ <term><keycap>↓</keycap> (Down)</term>
+ <term><keycap>j</keycap></term>
+ <term><keycap>k</keycap></term>
+ <term><keycap>PageUp</keycap></term>
+ <term><keycap>PageDown</keycap></term>
+ <term><keycap>Home</keycap></term>
+ <term><keycap>End</keycap></term>
+ <listitem><para>Navigate up/down in the entry list</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>↵</keycap> (Enter)</term>
+ <term><keycap>→</keycap> (Right)</term>
+ <listitem><para>Boot selected entry</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>d</keycap></term>
+ <listitem><para>Make selected entry the default</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>e</keycap></term>
+ <listitem><para>Edit the kernel command line for selected entry</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>+</keycap></term>
+ <term><keycap>t</keycap></term>
+ <listitem><para>Increase the timeout before default entry is booted</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>-</keycap></term>
+ <term><keycap>T</keycap></term>
+ <listitem><para>Decrease the timeout</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>v</keycap></term>
+ <listitem><para>Show systemd-boot, UEFI, and firmware versions</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>P</keycap></term>
+ <listitem><para>Print status</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>Q</keycap></term>
+ <listitem><para>Quit</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>h</keycap></term>
+ <term><keycap>?</keycap></term>
+ <term><keycap>F1</keycap></term>
+ <listitem><para>Show a help screen</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>l</keycap></keycombo></term>
+ <listitem><para>Reprint the screen</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The following keys may be pressed during bootup or in the boot menu to directly boot a specific
+ entry:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>l</keycap></term>
+ <listitem><para>Linux</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>w</keycap></term>
+ <listitem><para>Windows</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>a</keycap></term>
+ <listitem><para>OS X</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>s</keycap></term>
+ <listitem><para>EFI shell</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>1</keycap></term>
+ <term><keycap>2</keycap></term>
+ <term><keycap>3</keycap></term>
+ <term><keycap>4</keycap></term>
+ <term><keycap>5</keycap></term>
+ <term><keycap>6</keycap></term>
+ <term><keycap>7</keycap></term>
+ <term><keycap>8</keycap></term>
+ <term><keycap>9</keycap></term>
+ <listitem><para>Boot entry number 1 … 9</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The boot menu is shown when a non-zero menu timeout has been configured. If the menu timeout has
+ been set to zero, it is sufficient to press any key — before the boot loader initializes — to bring up
+ the boot menu, except for the keys listed immediately above as they directly boot into the selected boot
+ menu item. Note that depending on the firmware implementation the time window where key presses are
+ accepted before the boot loader initializes might be short. If the window is missed, reboot and try
+ again, possibly pressing a suitable key (e.g. the space bar) continuously; on most systems it should be
+ possible to hit the time window after a few attempts. To avoid this problem, consider setting a non-zero
+ timeout, thus showing the boot menu unconditionally. Some desktop environments might offer an option to
+ directly boot into the boot menu, to avoid the problem altogether. Alternatively, use the command line
+ <command>systemctl reboot --boot-loader-menu=0</command> from the shell.</para>
+
+ <para>In the editor, most keys simply insert themselves, but the following keys
+ may be used to perform additional actions:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>←</keycap> (Left)</term>
+ <term><keycap>→</keycap> (Right)</term>
+ <term><keycap>Home</keycap></term>
+ <term><keycap>End</keycap></term>
+ <listitem><para>Navigate left/right</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>Esc</keycap></term>
+ <listitem><para>Abort the edit and quit the editor</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>k</keycap></keycombo></term>
+ <listitem><para>Clear the command line</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>w</keycap></keycombo></term>
+ <term><keycombo><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo></term>
+ <listitem><para>Delete word backwards</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Alt</keycap><keycap>d</keycap></keycombo></term>
+ <listitem><para>Delete word forwards</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>↵</keycap> (Enter)</term>
+ <listitem><para>Boot entry with the edited command line</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Note that unless configured otherwise in the UEFI firmware, systemd-boot will
+ use the US keyboard layout, so key labels might not match for keys like +/-.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Files</title>
+
+ <para>The files <command>systemd-boot</command> processes generally reside on the UEFI ESP which is
+ usually mounted to <filename>/efi/</filename>, <filename>/boot/</filename> or
+ <filename>/boot/efi/</filename> during OS runtime. It also processes files on the Extended Boot Loader
+ partition which is typically mounted to <filename>/boot/</filename>, if it
+ exists. <command>systemd-boot</command> reads runtime configuration such as the boot timeout and default
+ entry from <filename>/loader/loader.conf</filename> on the ESP (in combination with data read from EFI
+ variables). See
+ <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Boot
+ entry description files following the <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
+ Loader Specification</ulink> are read from <filename>/loader/entries/</filename> on the ESP and the
+ Extended Boot Loader partition. Unified kernel boot entries following the <ulink
+ url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> are read from
+ <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition. Optionally, a random
+ seed for early boot entropy pool provisioning is stored in <filename>/loader/random-seed</filename> in
+ the ESP.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>EFI Variables</title>
+
+ <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the vendor
+ UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4</literal>, for communication between the OS and the boot
+ loader:</para>
+
+ <variablelist class='efi-variables'>
+ <varlistentry>
+ <term><varname>LoaderBootCountPath</varname></term>
+ <listitem><para>If boot counting is enabled, contains the path to the file in whose name the boot counters are
+ encoded. Set by the boot
+ loader. <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ uses this information to mark a boot as successful as determined by the successful activation of the
+ <filename>boot-complete.target</filename> target unit.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderConfigTimeout</varname></term>
+ <term><varname>LoaderConfigTimeoutOneShot</varname></term>
+ <listitem><para>The menu timeout in seconds. Read by the boot loader. <varname>LoaderConfigTimeout</varname>
+ is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
+ read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
+ removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
+ <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderDevicePartUUID</varname></term>
+
+ <listitem><para>Contains the partition UUID of the EFI System Partition the boot loader was run from. Set by
+ the boot
+ loader. <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ uses this information to automatically find the disk booted from, in order to discover various other partitions
+ on the same disk automatically.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntries</varname></term>
+
+ <listitem><para>A list of the identifiers of all discovered boot loader entries. Set by the boot
+ loader.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntryDefault</varname></term>
+ <term><varname>LoaderEntryOneShot</varname></term>
+
+ <listitem><para>The identifier of the default boot loader entry. Set primarily by the OS and read by the boot
+ loader. <varname>LoaderEntryOneShot</varname> sets the default entry for the next boot only, while
+ <varname>LoaderEntryDefault</varname> sets it persistently for all future
+ boots. <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <option>set-default</option> and <option>set-oneshot</option> commands make use of these variables. The boot
+ loader modifies <varname>LoaderEntryDefault</varname> on request, when the <keycap>d</keycap> key is used, see
+ above.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntrySelected</varname></term>
+
+ <listitem><para>The identifier of the boot loader entry currently being booted. Set by the boot
+ loader.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderFeatures</varname></term>
+
+ <listitem><para>A set of flags indicating the features the boot loader supports. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderFirmwareInfo</varname></term>
+ <term><varname>LoaderFirmwareType</varname></term>
+
+ <listitem><para>Brief firmware information. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderImageIdentifier</varname></term>
+
+ <listitem><para>The path of executable of the boot loader used for the current boot, relative to the EFI System
+ Partition's root directory. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderInfo</varname></term>
+
+ <listitem><para>Brief information about the boot loader. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderTimeExecUSec</varname></term>
+ <term><varname>LoaderTimeInitUSec</varname></term>
+ <term><varname>LoaderTimeMenuUsec</varname></term>
+
+ <listitem><para>Information about the time spent in various parts of the boot loader. Set by the boot
+ loader. Use <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ to view this data. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderRandomSeed</varname></term>
+
+ <listitem><para>A binary random seed <command>systemd-boot</command> may optionally pass to the
+ OS. This is a volatile EFI variable that is hashed at boot from the combination of a random seed
+ stored in the ESP (in <filename>/loader/random-seed</filename>) and a "system token" persistently
+ stored in the EFI variable <varname>LoaderSystemToken</varname> (see below). During early OS boot the
+ system manager reads this variable and passes it to the OS kernel's random pool, crediting the full
+ entropy it contains. This is an efficient way to ensure the system starts up with a fully initialized
+ kernel random pool — as early as the initial RAM disk phase. <command>systemd-boot</command> reads
+ the random seed from the ESP, combines it with the "system token", and both derives a new random seed
+ to update in-place the seed stored in the ESP, and the random seed to pass to the OS from it via
+ SHA256 hashing in counter mode. This ensures that different physical systems that boot the same
+ "golden" OS image — i.e. containing the same random seed file in the ESP — will still pass a
+ different random seed to the OS. It is made sure the random seed stored in the ESP is fully
+ overwritten before the OS is booted, to ensure different random seed data is used between subsequent
+ boots.</para>
+
+ <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for
+ further information.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderSystemToken</varname></term>
+
+ <listitem><para>A binary random data field, that is used for generating the random seed to pass to
+ the OS (see above). Note that this random data is generally only generated once, during OS
+ installation, and is then never updated again.</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Many of these variables are defined by the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Boot Counting</title>
+
+ <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink
+ url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, for automatic and unattended
+ fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader
+ entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if
+ two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or
+ <filename>.efi</filename> suffix is subject to boot counting: the first of the two numbers ('tries left') is
+ decreased by one on every boot attempt, the second of the two numbers ('tries done') is increased by one (if 'tries
+ done' is absent it is considered equivalent to 0). Depending on the current value of these two counters the boot
+ entry is considered to be in one of three states:</para>
+
+ <orderedlist>
+ <listitem><para>If the 'tries left' counter of an entry is greater than zero the entry is considered to be in
+ 'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been
+ determined not to work.</para></listitem>
+
+ <listitem><para>If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means
+ no further attempts to boot this item will be made (that is, unless all other boot entries are also in 'bad'
+ state), as all attempts to boot this entry have not completed successfully.</para></listitem>
+
+ <listitem><para>If the 'tries left' and 'tries done' counters of an entry are absent it is considered to be in
+ 'good' state. This means further boot counting for the entry is turned off, as it successfully booted at least
+ once. The
+ <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ service moves the currently booted entry from 'indeterminate' into 'good' state when a boot attempt completed
+ successfully.</para></listitem>
+ </orderedlist>
+
+ <para>Generally, when new entries are added to the boot loader, they first start out in 'indeterminate' state,
+ i.e. with a 'tries left' counter greater than zero. The boot entry remains in this state until either it managed to
+ complete a full boot successfully at least once (in which case it will be in 'good' state) — or the 'tries left'
+ counter reaches zero (in which case it will be in 'bad' state).</para>
+
+ <para>Example: let's say a boot loader entry file <filename>foo.conf</filename> is set up for 3 boot tries. The
+ installer will hence create it under the name <filename>foo+3.conf</filename>. On first boot, the boot loader will
+ rename it to <filename>foo+2-1.conf</filename>. If that boot does not complete successfully, the boot loader will
+ rename it to <filename>foo+1-2.conf</filename> on the following boot. If that fails too, it will finally be renamed
+ <filename>foo+0-3.conf</filename> by the boot loader on next boot, after which it will be considered 'bad'. If the
+ boot succeeds however the entry file will be renamed to <filename>foo.conf</filename> by the OS, so that it is
+ considered 'good' from then on.</para>
+
+ <para>The boot menu takes the 'tries left' counter into account when sorting the menu entries: entries in 'bad'
+ state are ordered at the beginning of the list, and entries in 'good' or 'indeterminate' at the end. The user can
+ freely choose to boot any entry of the menu, including those already marked 'bad'. If the menu entry to boot is
+ automatically determined, this means that 'good' or 'indeterminate' entries are generally preferred (as the bottom
+ item of the menu is the one booted by default), and 'bad' entries will only be considered if there are no 'good' or
+ 'indeterminate' entries left.</para>
+
+ <para>The <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> kernel
+ install framework optionally sets the initial 'tries left' counter to the value specified in
+ <filename>/etc/kernel/tries</filename> when a boot loader entry is first created.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>,
+ <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>
+ </para>
+ </refsect1>
+</refentry>